CVE-2021-27040
LOW
Autodesk Advance Steel < 2019.1.3 - Out-of-Bounds Read
Title source: ruleDescription
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
References (5)
Core References
Vendor Advisory x_refsource_misc
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-1238/
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-21-1236/
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-22-378/
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-22-473/
Scores
CVSS v3
3.3
EPSS
0.0033
EPSS Percentile
56.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-125
Status
published
Products (13)
autodesk/advance_steel
2019 - 2019.1.3
autodesk/autocad
2019 - 2019.1.3
autodesk/autocad_architecture
2019 - 2019.1.3
autodesk/autocad_electrical
2019 - 2019.1.3
autodesk/autocad_lt
2019 - 2019.1.3
autodesk/autocad_map_3d
2019 - 2019.1.3
autodesk/autocad_mechanical
2019 - 2019.1.3
autodesk/autocad_mep
2019 - 2019.1.3
autodesk/autocad_plant_3d
2019 - 2019.1.3
autodesk/civil_3d
2019 - 2019.1.3
... and 3 more
Published
Jun 25, 2021
Tracked Since
Feb 18, 2026